Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/0bPTCv9ivEay6ti69F214LZgHdc.roa
File: 0bPTCv9ivEay6ti69F214LZgHdc.roa (raw, json)
Hash identifier: +6t1Eo9wJ4oKn0P2cCB74QYTFah5c7cfG0K0GOfGuq4=
Subject key identifier: D1:B3:D3:0A:FF:62:BC:46:B2:EA:D8:BA:F4:5D:B5:E0:B6:60:1D:D7
Certificate issuer: /CN=852bc145c5b22394d6feae996bc0bb25254801c6
Certificate serial: 0194221FD042B2E356C7F96BE2ADC0F804C8
Authority key identifier: 85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/0bPTCv9ivEay6ti69F214LZgHdc.roa
Signing time: Wed 01 Jan 2025 13:48:17 +0000
ROA not before: Wed 01 Jan 2025 13:48:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34233
IP address blocks: 83.137.192.0/21 maxlen: 21
83.137.192.0/22 maxlen: 22
83.137.196.0/24 maxlen: 24
2a00:a0c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:d0:42:b2:e3:56:c7:f9:6b:e2:ad:c0:f8:04:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=852bc145c5b22394d6feae996bc0bb25254801c6
Validity
Not Before: Jan 1 13:48:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d1b3d30aff62bc46b2ead8baf45db5e0b6601dd7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:10:fa:b7:26:a0:8a:d5:3d:7b:b1:02:4b:09:
0f:6f:5c:3b:d3:36:dc:20:38:ba:5c:4e:33:00:c4:
31:b6:cb:ee:27:c5:d1:9f:39:b3:ed:47:66:7e:a7:
c7:96:5d:31:77:fc:f9:75:d7:b1:6f:b1:5b:96:70:
65:b6:fd:29:ce:f5:d8:83:0d:a1:2d:2e:a9:8a:31:
25:6f:1e:ad:b0:ae:9a:63:52:13:25:b2:09:d8:90:
af:07:b9:b4:9c:72:73:8d:2f:00:59:98:35:45:7c:
dc:78:68:60:20:1f:be:0f:24:96:91:43:e4:8d:2a:
38:13:3c:9d:8c:32:9e:57:30:47:30:d7:b7:74:a5:
37:30:b8:c3:a1:d3:0d:05:c8:3f:5c:06:0e:92:3d:
e3:42:fa:60:dc:69:bc:21:d8:b8:67:e5:47:c6:43:
97:5b:33:b7:d6:87:e0:d3:90:f8:54:17:74:f8:1e:
a9:8f:f0:ee:95:7c:85:1a:42:96:b9:7e:37:38:3b:
40:d9:ce:3c:71:29:52:e8:87:e1:f3:ae:26:71:7d:
10:ca:90:08:64:ef:d3:77:1f:99:58:45:94:20:df:
4a:0a:f0:54:25:83:3c:a5:1b:05:cf:dc:4e:af:6d:
b3:02:30:ec:88:30:b7:58:f8:eb:6a:81:d3:61:b8:
42:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:B3:D3:0A:FF:62:BC:46:B2:EA:D8:BA:F4:5D:B5:E0:B6:60:1D:D7
X509v3 Authority Key Identifier:
keyid:85:2B:C1:45:C5:B2:23:94:D6:FE:AE:99:6B:C0:BB:25:25:48:01:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hSvBRcWyI5TW_q6Za8C7JSVIAcY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/0bPTCv9ivEay6ti69F214LZgHdc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ca4ff5-48a8-4ecc-ba73-8d0710f3d276/1/hSvBRcWyI5TW_q6Za8C7JSVIAcY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.192.0/21
IPv6:
2a00:a0c0::/32
Signature Algorithm: sha256WithRSAEncryption
3a:cd:51:b8:85:22:ef:9f:ab:35:c9:84:6a:db:b8:e8:fb:64:
6c:75:16:6e:0d:67:c3:4e:02:51:74:a5:77:17:79:d5:2e:6f:
b7:94:d5:c5:18:5c:18:44:fb:0c:4a:a5:2b:bf:9a:cd:78:b8:
88:4e:4f:62:e5:a9:eb:da:d3:24:af:45:6f:05:f3:2b:a8:5d:
20:1a:74:3d:14:6a:e7:2d:c0:c5:32:1a:a3:df:29:a0:fc:5e:
49:ea:15:d1:2c:f8:c2:72:8e:a4:fe:ea:bf:5c:37:c4:96:1b:
4d:c8:1c:9e:76:50:8b:3a:81:48:62:23:ca:a1:7a:ac:05:b9:
09:8f:bf:b1:69:b1:7e:8d:66:8c:14:70:36:73:b0:3b:cf:b7:
57:20:c6:10:41:e0:99:4e:3e:6a:bd:81:51:c9:ce:61:fe:fe:
aa:af:dc:d7:ba:07:85:01:67:37:c4:98:80:3f:83:bd:9f:94:
79:fa:37:84:57:42:84:8f:95:6b:db:7c:1f:aa:62:82:ef:ad:
38:7d:92:6d:7b:a0:4a:26:d1:df:de:44:53:1a:a9:21:98:06:
b1:99:44:7b:72:88:48:3d:f4:4c:9c:62:9f:dd:98:e1:e9:93:
d6:07:2d:4b:a5:28:ef:21:3c:be:fd:74:fc:45:af:15:da:e9:
89:e7:d8:c4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH9BCsuNWx/lr4q3A+ATIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MmJjMTQ1YzViMjIzOTRkNmZlYWU5OTZiYzBiYjI1MjU0
ODAxYzYwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWIzZDMwYWZmNjJiYzQ2YjJlYWQ4YmFmNDVkYjVlMGI2NjAxZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhD6tyagitU9e7ECSwkPb1w70zbc
IDi6XE4zAMQxtsvuJ8XRnzmz7UdmfqfHll0xd/z5ddexb7FblnBltv0pzvXYgw2h
LS6pijElbx6tsK6aY1ITJbIJ2JCvB7m0nHJzjS8AWZg1RXzceGhgIB++DySWkUPk
jSo4EzydjDKeVzBHMNe3dKU3MLjDodMNBcg/XAYOkj3jQvpg3Gm8Idi4Z+VHxkOX
WzO31ofg05D4VBd0+B6pj/DulXyFGkKWuX43ODtA2c48cSlS6Ifh864mcX0QypAI
ZO/Tdx+ZWEWUIN9KCvBUJYM8pRsFz9xOr22zAjDsiDC3WPjraoHTYbhCfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNGz0wr/YrxGsurYuvRdteC2YB3XMB8GA1UdIwQY
MBaAFIUrwUXFsiOU1v6umWvAuyUlSAHGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMt
OGQwNzEwZjNkMjc2LzEvMGJQVEN2OWl2RWF5NnRpNjlGMjE0TFpnSGRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jYTRmZjUtNDhhOC00ZWNjLWJhNzMtOGQwNzEwZjNkMjc2
LzEvaFN2QlJjV3lJNVRXX3E2WmE4QzdKU1ZJQWNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDU4nAMA0E
AgACMAcDBQAqAKDAMA0GCSqGSIb3DQEBCwUAA4IBAQA6zVG4hSLvn6s1yYRq27jo
+2RsdRZuDWfDTgJRdKV3F3nVLm+3lNXFGFwYRPsMSqUrv5rNeLiITk9i5anr2tMk
r0VvBfMrqF0gGnQ9FGrnLcDFMhqj3ymg/F5J6hXRLPjCco6k/uq/XDfElhtNyBye
dlCLOoFIYiPKoXqsBbkJj7+xabF+jWaMFHA2c7A7z7dXIMYQQeCZTj5qvYFRyc5h
/v6qr9zXugeFAWc3xJiAP4O9n5R5+jeEV0KEj5Vr23wfqmKC7604fZJte6BKJtHf
3kRTGqkhmAaxmUR7cohIPfRMnGKf3Zjh6ZPWBy1LpSjvITy+/XT8Ra8V2umJ59jE
-----END CERTIFICATE-----
Generated at Tue Apr 22 10:47:01 2025 by rpki-client